/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package com.setup.trac.controller.validator;

import com.setup.trac.dao.DAOService;
import com.setup.trac.service.UserNotFoundException;
import com.setup.trac.web.form.LoginForm;
import com.setup.trac.pojo.Utenti;
import com.setup.trac.pojo.wrappers.UtentiView;
import com.setup.trac.service.SearchService;
import com.setup.trac.util.TracSetupUtil;

import java.math.BigDecimal;
import java.security.GeneralSecurityException;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.hibernate.criterion.DetachedCriteria;
import org.hibernate.criterion.Expression;
import org.hibernate.criterion.Restrictions;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.orm.hibernate3.HibernateTemplate;
import org.springframework.validation.Errors;
import org.springframework.validation.Validator;
import org.springframework.web.bind.ServletRequestUtils;

/**
 * 
 * @author edoardo
 */
public class LoginFormValidator implements Validator {

	private SearchService searchService;
	private TracSetupUtil tracSetupUtil;
	private DAOService daoService;

	public SearchService getSearchService() {
		return searchService;
	}

	public void setSearchService(SearchService searchService) {
		this.searchService = searchService;
	}

	public boolean supports(Class<?> type) {
		return type.isAssignableFrom(UtentiView.class);
	}

	public void validate(Object o, Errors errors) {
		try {
			UtentiView loginForm = (UtentiView) o;
			String md5 = tracSetupUtil.md5(loginForm.getUtenti().getUsername()
					+ loginForm.getUtenti().getPassword());
			String username = loginForm.getUtenti().getUsername();
			// DetachedCriteria criteria =
			// DetachedCriteria.forClass(Utenti.class);
			// criteria.add(Restrictions.eq("username", username));
			UtentiView result = getSearchService().findUtenteByUsername(
					username);
			if (!result.getUtenti().getAbilitato()) {
				errors.rejectValue(
						"utenti.username",
						"",
						"L'utente non ha l'abilitazione per accedere al sistema. Contattare l'amministratore.");
			}

			Object password = result.getUtenti().getPassword();
			if (!password.equals(md5)) {
				if (!errors.hasErrors()) {
					errors.rejectValue("utenti.password", "",
							"La password è errata");
				}
				if (!result.getUtenti().getProfilo().getDescrizione()
						.equalsIgnoreCase("ADMINISTRATOR")) {
					result.getUtenti().setErroreAccesso(
							new BigDecimal(result.getUtenti()
									.getErroreAccesso().intValue() + 1));
					if (result.getUtenti().getErroreAccesso().intValue() == 3) {
						result.getUtenti().setAbilitato(false);
					}
					getDaoService().update(result.getUtenti());
				}
			}

		} catch (UserNotFoundException ex) {
			errors.rejectValue("utenti.username", "", "Utente inesistente");

			Logger.getLogger(LoginFormValidator.class.getName()).log(
					Level.SEVERE, null, ex);
		} catch (GeneralSecurityException ex) {
			Logger.getLogger(getClass().getName()).log(Level.SEVERE, null, ex);
		}

	}

	public TracSetupUtil getTracSetupUtil() {
		return tracSetupUtil;
	}

	public void setTracSetupUtil(TracSetupUtil tracSetupUtil) {
		this.tracSetupUtil = tracSetupUtil;
	}

	public DAOService getDaoService() {
		return daoService;
	}

	public void setDaoService(DAOService daoService) {
		this.daoService = daoService;
	}
}
